pub struct AuthProvider {
pub id: String,
pub issuer: String,
pub jwks_uri: String,
pub audiences: String,
pub authorization_url: String,
pub jwt_locations: Vec<JwtLocation>,
}
Expand description
Configuration for an authentication provider, including support for JSON Web Token (JWT).
Fields§
§id: String
The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
.
Example: “bookstore_auth”.
issuer: String
Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.
Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
jwks_uri: String
URL of the provider’s public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account).
audiences: String
The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- “https://\[service.name\]/[google.protobuf.Api.name]"
- “https://\[service.name\]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:
https://library-example.googleapis.com/google.example.library.v1.LibraryService
Example:
audiences: bookstore_android.apps.googleusercontent.com,
bookstore_web.apps.googleusercontent.com
Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
jwt_locations: Vec<JwtLocation>
Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.
If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter
Default locations can be specified as followings: jwt_locations: - header: Authorization value_prefix: “Bearer “ - header: x-goog-iap-jwt-assertion - query: access_token
Trait Implementations§
Source§impl Clone for AuthProvider
impl Clone for AuthProvider
Source§fn clone(&self) -> AuthProvider
fn clone(&self) -> AuthProvider
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreSource§impl Debug for AuthProvider
impl Debug for AuthProvider
Source§impl Default for AuthProvider
impl Default for AuthProvider
Source§fn default() -> AuthProvider
fn default() -> AuthProvider
Source§impl Message for AuthProvider
impl Message for AuthProvider
Source§fn encoded_len(&self) -> usize
fn encoded_len(&self) -> usize
Source§fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>where
Self: Sized,
fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>where
Self: Sized,
Source§fn encode_to_vec(&self) -> Vec<u8>where
Self: Sized,
fn encode_to_vec(&self) -> Vec<u8>where
Self: Sized,
Source§fn encode_length_delimited(
&self,
buf: &mut impl BufMut,
) -> Result<(), EncodeError>where
Self: Sized,
fn encode_length_delimited(
&self,
buf: &mut impl BufMut,
) -> Result<(), EncodeError>where
Self: Sized,
Source§fn encode_length_delimited_to_vec(&self) -> Vec<u8>where
Self: Sized,
fn encode_length_delimited_to_vec(&self) -> Vec<u8>where
Self: Sized,
Source§fn decode(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
fn decode(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
Source§fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
Source§fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
self
. Read moreSource§fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
self
.Source§impl PartialEq for AuthProvider
impl PartialEq for AuthProvider
impl StructuralPartialEq for AuthProvider
Auto Trait Implementations§
impl Freeze for AuthProvider
impl RefUnwindSafe for AuthProvider
impl Send for AuthProvider
impl Sync for AuthProvider
impl Unpin for AuthProvider
impl UnwindSafe for AuthProvider
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
Source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T
in a tonic::Request